The server didn't return an X-Frame-Options header, which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether a browser should be allowed to render a page in a <frame> or <iframe>. This is a client-side security issue that affects a variety of browsers and platforms.
Steps to reproduce:
1. Create a new HTML file
2. Put the following code inside the file
<html>
<head>
<title>ClickJacking PoC</title>
</head>
<body>
ClickJacking PoC
<iframe src="https://meeting-reminders.com/login" height="450" width="1000"></iframe>
</body>
</html>
3. Save the file
4. Open the document in the browser
Impact:
The victim surfs the attacker’s web page intending to interact with the visible user interface but is inadvertently performing actions on the hidden page. Using the hidden page, an attacker can deceive users into performing actions they never intended to perform through the positioning of the hidden elements in the web page.
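To verify a fix, the check below classifies a response's anti-framing headers. It is an added example, not part of the original report or of the affected site's code. The function names (`getHeader`, `frameAncestorLists`, `assessFraming`) are hypothetical, and it also evaluates the CSP `frame-ancestors` directive, which the report does not mention but which browsers use for the same purpose.

```javascript
// Added example: classify a response's anti-framing headers (defensive check).
// `headers` is a plain object of header name -> value; sample inputs are constructed.

function getHeader(headers, name) {
  // Header names are case-insensitive; repeated headers combine with commas.
  const values = Object.entries(headers)
    .filter(([key]) => key.toLowerCase() === name)
    .flatMap(([, value]) => (Array.isArray(value) ? value : [value]));
  return values.length ? values.join(", ") : null;
}

function frameAncestorLists(csp) {
  // Collect the source list of every frame-ancestors directive across all policies.
  if (!csp) return [];
  return csp
    .split(/[;,]/)
    .map((directive) => directive.trim().split(/\s+/))
    .filter(([name]) => name.toLowerCase() === "frame-ancestors")
    .map(([, ...sources]) => sources);
}

function assessFraming(headers) {
  const lists = frameAncestorLists(getHeader(headers, "content-security-policy"));
  if (lists.length) {
    // When frame-ancestors is present, browsers that support it ignore X-Frame-Options.
    const open = (src) => src === "*" || /^[a-z][a-z0-9+.-]*:$/i.test(src);
    const restricted = lists.some((sources) => !sources.some(open));
    return restricted
      ? { protected: true, reason: "CSP frame-ancestors restricts embedding" }
      : { protected: false, reason: "CSP frame-ancestors allows any origin" };
  }
  const xfo = getHeader(headers, "x-frame-options");
  if (xfo === null) {
    return { protected: false, reason: "no X-Frame-Options or frame-ancestors" };
  }
  const tokens = new Set(xfo.split(",").map((t) => t.trim().toLowerCase()));
  if (tokens.has("deny") || tokens.has("sameorigin")) {
    return { protected: true, reason: "X-Frame-Options: " + [...tokens].join(", ") };
  }
  // ALLOW-FROM and unknown values are not honoured by current browsers.
  return { protected: false, reason: "X-Frame-Options value not honoured: " + xfo };
}
```

Feed it the headers of the login page response after remediation; a result with `protected: false` means the page can still be framed by another origin.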